Amendments to the Claims

1. (original) An apparatus for proving authentication when a user is not present, 
said apparatus comprising: 

a Web service client coupled to a service provider;

a Web service provider; and 
a discovery service; 
wherein: 

said Web service client, said service provider, said Web service provider, and 
said discovery service agree to work with each other; and

said Web service provider is configured in such a way such that said calling 
Web service client must prove that it has permission to request a service from said Web 
service provider when a live authenticated session of said user with said Web service 
client is not present. 

2. (original) The apparatus of Claim 1, wherein said Web service client comprises 
an assertion, said assertion comprising a statement that said user has an authenticated
session.

3. (original) The apparatus of Claim 2, wherein said assertion is signed by an
authority. 

4. (original) The apparatus of Claim 3, wherein said authority is an identity provider 
of said discovery service. 

5. (original) The apparatus of Claim 2, wherein said statement comprises, but is not 
limited to, the following information: 

a system entity that made said assertion; 
a system entity making a request; 
a system entity relying on said assertion; and
a name identifier of said user in a namespace of said system entity that made 
said assertion to said system entity relying on said assertion. 

6. (original) The apparatus of Claim 5, wherein said system entity making said 
assertion is an identity provider of said discovery service.

7. (original) The apparatus of Claim 5, wherein said system entity making a request
is said Web service client. 

8. (original) The apparatus of Claim 5, wherein said system entity relying on said 
assertion is said Web service provider.

9. (original) The apparatus of Claim 5, wherein said asserting party is said Web 
service client and said relying party is said Web service provider. 

10. (original) The apparatus of Claim 2, wherein said statement is included in an
extended assertion that is given to said service provider at time of authentication. 

11. (original) The apparatus of Claim 1, further comprising:

means for said Web service client presenting to said discovery service a service 
assertion obtained from a second system entity, wherein said service assertion
comprises a user presence statement; and 

means for said discovery service issuing a new service assertion comprising a 
new user presence statement, said new service assertion and said new user presence 
statement associated with said second system entity. 

12. (original) The apparatus of Claim 11, wherein said second system entity is a 
second Web service client. 

13. (original) The apparatus of Claim 1, further comprising means for said discovery 
service recording and storing user statement information.

14. (original) The apparatus of Claim 13, wherein said recorded and stored user 
statement information is in the form of a table. 

15. (original) The apparatus of Claim 1, further comprising means for said Web
service provider storing a ticket for checking said permission to request a service. 

16. (original) The apparatus of Claim 1, further comprising means for testing a 
request to said Web service provider while a user is still present, wherein either or both 
said discovery service and said Web service provider can perform real-time consent
informational data collection from a user without having actually performed a particular
transaction. 

17. (original) A method for proving authentication when a user is not present, said 
method comprising the steps of:

providing a Web service client coupled to a service provider; 
providing a Web service provider; and 
providing a discovery service; 
wherein: 

said Web service client, said service provider, said Web service provider, and
said discovery service agree to work with each other; and

said Web service provider is configured in such a way such that said calling 
Web service client must prove that it has permission to request a service from said Web 
service provider when a live authenticated session of said user with said Web service
client is not present.

18. (original) The method of Claim 17, wherein said Web service client comprises an 
assertion, said assertion comprising a statement that said user has an authenticated
session. 

19. (original) The method of Claim 18, wherein said assertion is signed by an 
authority. 

20. (original) The method of Claim 19, wherein said authority is an identity provider of 
said discovery service.

21. (original) The method of Claim 18, wherein said statement comprises, but is not 
limited to, the following information: 

a system entity that made said assertion; 
a system entity making a request;
a system entity relying on said assertion; and 

a name identifier of said user in a namespace of said system entity that made 
said assertion to said system entity relying on said assertion. 

22. (original) The method of Claim 21, wherein said system entity making said
assertion is an identity provider of said discovery service. 

23. (original) The method of Claim 21, wherein said system entity making a request
is said Web service client. 

24. (original) The method of Claim 21, wherein said system entity relying on said
assertion is said Web service provider.

25. (original) The method of Claim 21, wherein said asserting party is said Web
service client and said relying party is said Web service provider. 

26. (original) The method of Claim 18, wherein said statement is included in an 
extended assertion that is given to said service provider at time of authentication. 

27. (original) The method of Claim 17, further comprising the steps of: 

said Web service client presenting to said discovery service a service assertion
obtained from a second system entity, wherein said service assertion comprises a user
presence statement; and 

said discovery service issuing a new service assertion comprising a new user 
presence statement, said new service assertion and said new user presence statement
associated with said second system entity.

28. (original) The method of Claim 27, wherein said second system entity is a second 
Web service client. 

29. (original) The method of Claim 17, further comprising the step of said discovery
service recording and storing user statement information. 

30. (currently amended) The method of Claim 2029, wherein said recorded and 
stored user statement information is in the form of a table. 

31. (original) The method of Claim 17, further comprising the step of said Web 
service provider storing a ticket for checking said permission to request a service. 

32. (original) The method of Claim 17, further comprising the step of testing a 
request to said Web service provider while a user is still present, wherein either or both
said discovery service and said Web service provider can perform real-time consent
informational data collection from a user without having actually performed a particular
transaction. 

33. (original) A method for invoking authenticated transactions on behalf of a user
when the user is not present, said method comprising the steps of:

a service provider, at a time when a user is present, asking the user if said 
service provider can perform a particular transaction at a later point in time when the 
user is not present, wherein if the user indicates yes, then said service provider sending 
a notification to register with any of, or both of: 
a trusted discovery service; and
a Web service provider that performs said particular transaction; 
wherein while the user is still present, the user can be asked to provide 
informational content related to said particular transaction; and 

for invocation, said service provider making a request of the Web service 
provider to perform said particular transaction.

34. (original) The method of Claim 33, further comprising the step of a discovery 
service checking if the user gave permission for contacting said Web service provider 
when the user is not present, and if permission is granted, allowing control to go to said
Web service provider.

35. (original) The method of Claim 33, further comprising any of the steps of said 
Web service provider: 

trusting said discovery service performed checking for permission and accepting 
that if said discovery service indicates the user gave permission, then said Web service
provider performing said particular transaction; and 

said Web service provider deciding to perform checking for permission, and 
subsequently performing said particular transaction if said Web service provider 
determines permission is granted. 

36. (original) The method of Claim 33, further comprising the step of providing a user 
capability of reviewing and modifying stored permissions. 

37. (original) The method of Claim 33, further comprising the step of providing robust 
security by having trust kept centrally in said discovery service.